Security Analyst with around 6 years of expertise in phishing, malware analysis, host isolation, and threat detection using Microsoft Defender ATP. Proficient in SIEM tools, endpoint security, and IAM role management in SOAR technologies. Skilled in email security, vulnerability assessments, and proactive threat hunting to enhance organizational security.
Overview
7 years of professional experience
1 Certification
Work History
Security Engineer
Cognizant Technology Solutions
Bengaluru
07.2021 - 11.2024
Hands-on experience in analysing phishing emails and malware emails, performing soft deletes and hard deletes of malicious emails from the email cluster, and adding indicators into the tenant allow list/block list based on analysing the IOCs.
Implemented and configured Azure Sentinel, Log Analytics workspaces, conditional access policies, and custom detection rules to enhance threat detection and response capabilities.
Deployed and integrated Microsoft Sentinel SOAR playbooks using Logic Apps, automating incident response, and reducing manual intervention time.
Experience in working on host isolation and advanced threat analysis using EDR, Microsoft Defender ATP.
Experience in creating Log Analytics workspaces, creating conditional access policies, and detection rules using Defender 365 and Azure Sentinel.
Good hands-on experience in creating virtual machines, deploying endpoint agents on them, and managing IAM roles in an AWS environment.
Configured and managed Azure Sentinel dashboards, data connectors, and notebooks to centralize log collection and improve visibility across enterprise environments.
Creating and fine-tuning use cases and custom detection rules by using the SPL and KQL languages in Defender and Splunk portals.
Handling spam and phishing email submissions from end-users, taking containment steps by further investigating domains and IPs to recommend proper blocking, and creating SPF, DKIM, and DMARC records for the domains to protect against spoofing.
Knowledge of Group Policy Objects, Active Directory security and compliance configurations, and migrating to the Intune administrator console.
Monitoring, analysing, and responding to infrastructure threats, vulnerabilities, and risks. Collecting the logs of all the Windows, Linux, and network devices, and analysing the logs to find suspicious activities.
Expertise in using SOAR technologies such as Logic Apps, implementing playbooks, and creating automation rules using Microsoft Sentinel SOAR.
Experienced in creating and fine-tuning compliance policies and ASR rules using the Intune portal. Good hands-on experience in creating use cases and custom detection rules in Defender and Azure Sentinel by using the KQL language.
Strong knowledge and working experience in Office 365 email gateway solutions; fully owning, managing, monitoring, and administering the email security stack and policies for both on-premises and cloud environments, which include Office 365 email security solutions.
Taking the appropriate action based on advisories and IOCs, identifying threat actors using MITRE ATT&CK, and coordinating with the respective team to block the IOCs.
Proficient in Kusto Query Language (KQL): very good at writing and optimising queries to analyse large datasets in Azure Sentinel and MS Defender.
Security Analyst
Capgemini
Kolkata
10.2019 - 03.2020
Proficient in log review and analysis, event correlation and triage, and analytical problem-solving, with close attention to detail, strong critical thinking, a solution-oriented approach, and the ability to learn and adapt quickly.
Experience in handling and deploying the Defender agents onto servers to onboard them into Defender, and troubleshooting agent connectivity issues using the MDE Client Analyzer.
Designed and deployed Azure Sentinel workspaces, detection rules, and conditional access policies, strengthening enterprise threat visibility.
Implemented Sentinel SOAR playbooks via Logic Apps, automating incident response workflows and reducing remediation time.
Strong experience in managing Endpoint Agents over Windows and Linux operating systems, Active Directory integrations, and Windows Event Logs.
Experience in vulnerability assessments. Evaluate and prioritise identified vulnerabilities for remediation by collaborating directly with customers.
Configure and manage dashboards, notebooks, data connectors, and playbooks in Azure Sentinel. Hunt security threats using Azure Sentinel.
Good knowledge in analysing different malicious executables and documents. Good understanding of Azure Active Directory, Azure MFA, and conditional access.
Escalating security incidents based on the client's SLA and providing meaningful information related to security incidents by conducting in-depth analyses of events, which makes the customer's business safe and secure.
Good hands-on experience in the integration of AWS and Azure security, implementing the policies, and fine-tuning the rules.
Experience in supporting, fine-tuning, and troubleshooting correlation searches in Splunk SIEM. Good hands-on experience in managing the P1 bridge call, involving the stakeholders, and experience in creating the incident response report for critical incidents.
Expertise in Splunk Enterprise architecture such as Search Heads, Indexers, Deployment Server, License Master, and Heavy/Universal Forwarders.
Good hands-on experience in creating the SOPs, playbooks, and runbooks using Splunk and Defender, and hands-on experience in creating and managing the endpoint health check reports and vulnerability reports to reduce the exposure score.
Extensive experience in conducting in-depth investigations by collecting package data and live response in the Defender portal.
Security Analyst
Adrola Software Technologies Pvt Ltd
Bengaluru
11.2017 - 09.2019
Experienced SOC analyst in Microsoft Defender ATP, CrowdStrike Falcon, O365, Splunk SIEM, and QRadar.
Implemented security measures to protect systems from malware, phishing, and other cyber threats. Performed security event monitoring of heterogeneous networks such as firewalls, IDS/IPS, and DLP devices using Splunk.
Experience in creating and maintaining the daily, weekly, and monthly reports of device health status by using Defender ATP.
Assisted in the deployment and configuration of Azure Sentinel workspaces and detection rules, improving visibility into security events.
Contributed to the implementation of Sentinel SOAR playbooks with Logic Apps, helping automate basic incident response workflows.
Good hands-on experience in providing KT sessions and training, and assigning tasks to juniors.
Experience in initiating the vulnerability scans on the end devices/servers for automated reports.
Monitor various security tools (Email Gateway, IDS/IPS, EDR, SIEM, etc.) for security events and triage security incidents.
Good knowledge of MITRE ATT&CK, the diamond model, and other cyber threat kill chains.
Experience in analysing phishing and malicious email campaigns to identify IOCs and contain those IOCs.
Strong experience in managing Endpoint Agents over Windows and Linux operating systems, Active Directory integrations, and Windows Event Logs.
Configured folder exclusion policies, other device-based policies, and tags in Defender for Endpoint.
Experience in creating the PIM and PAM roles, assigning the licences, and creating the RBAC roles using Azure Entra ID.
Experienced in creating IR reports for high alert notifications, and hands-on experience in creating and managing SOPs and playbooks.
Education
B.E - E.E.E
Sanketika Vidya Parishad
Visakhapatnam, AP
01.2015
Skills
Endpoint security: Carbon Black and MS Defender 365
SIEM: Azure Sentinel, Splunk, and QRadar
SOAR: Azure Sentinel and Google Chronicle
Antivirus: Symantec
Vulnerability Management: Rapid7
Email Security: Office 365, Proofpoint
Windows Server Management
Incident Response: ServiceNow
DLP: MS Purview
MS Intune Administrator
Certification
SC-200: Security Operations Analyst
SC-300: Identity and Access Management Administrator
Sr. Executive Support at Cognizant Technology Solutions